Reverse Engineering : An Introduction (Continued)
Since the language here is assembly so we’ll mostly be dealing with registers here.A register can be defined as a fast memory location that can be used to store data and perform operations upon them. They are present within the processor.
For a x86–64 architecture, the registers are 64 bit and there are 16 registers that are provided to us by Intel. Although these are 64 bit , but we can reference parts of them as per our needs.
Example: we could reference them as 32 bits, or 16 bits or even 8 bits (More of this ahead).
The first 6 registers, up-to %rdi, are general purpose registers.They store values for temporary storage and computation purpose.%rsp is the stack pointer. It always points to the top of the current stack frame.While %rbp is called the frame pointer or the base pointer. It points at the base of the stack frame.
Now as we discussed previously, we’ll often see our instructions appended with characters.So lets discuss the instructions first(though not all).
The instruction actually is “lea” and it has been appended with “q” to mean a quad word which means that there is a 64 bit register involved.
The instruction sets the destination to the address denoted by the expression in the source
This is an instruction to perform subtraction.
Equivalent to destination = destination - source
This is an instruction to perform addition.
Equivalent to destination = destination + source
This instruction performs multiplication.
Equivalent to destination = destination * source
There are other instructions as well like sar, xor, and, or, leave, etc. but we won’t be requiring them right now.
Assembly code for the program
Lets look at the code and analyze it.You’ll always see the first 2 and the last 2 lines in the output. They are called the prologue and the epilogue of the functions.They are quite important and is a topic for another time.
push operation pushes the item onto the stack, while pop operation pops the item from the stack.
Assembly Code for the program
